CN1305254C - Method, a server system, a client system, a communication network and computer software products for distributing software packages or updates - Google Patents

Info

Publication number: CN1305254C
Authority: CN (China)
Prior art keywords: client, updates, software, distributing, client system
Legal status: Expired - Fee Related
Application number: CNB2004100708596A
Other languages: Chinese (zh)
Other versions: CN1581779A (en)
Inventor: S·吕普, H·魏克
Current Assignee: Alcatel Lucent NV
Original Assignee: Alcatel NV
Application filed by: Alcatel NV

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • G06F8/65: Updates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/34: Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30: Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32: Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322: Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329: Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to a method for distributing a software package or update over a communication network, where the communication network comprises a server system (S') and at least one client system (Ci'). The method comprises the steps of distributing (P3) the software package or update to the at least one client system (Ci') via the communication system (NCi') by the server system (S') and installing the software package or update on the at least one client system (Ci'), and comprises the further step of distributing (P6) the software package or update to a further client system via the communication system (NCj') by the at least one client system. The invention also relates to a server system (S'), a client system (Ci'), a communication network (NCi', NCj'), and corresponding computer software products.

Description

Method of distributing software, communication system and software product

Technical field

The present invention relates to a method for distributing software packages or updates over a communication network. The invention also relates to a communication network, a server system, a client system, and computer software products.

The invention is based on priority application EP 03291958.1, which is hereby incorporated by reference.

Background

Because of the complexity of computer systems and communication (telecommunication) systems, as well as communication (telecommunication) networks and the emerging technologies and developments in intrusion systems, it is very necessary to keep these systems up to date, i.e., to have their software running at its latest version.

There are many known techniques for keeping software-driven systems up to date, such as manual or automatic patching, new (re)installation, or updates. For virus protection in particular, virus patterns and treatments are continuously deployed so that the software-driven system can recognize infections and take corresponding measures.

Systems and methods for distributing software (applications and data) over a network to many clients are well known. Typically there are servers that deploy software updates and clients that consume them. Many variants of update (transfer) protocols exist. In one variant, the server continually updates the clients' software. In another, the client is more active and requests software updates, e.g. event-driven.

US patent application 6,123,737 describes an update (transfer) protocol for deploying software packages by means of a trigger sent to a server. In response, the server creates a notification packet for the client. The notification instructs the server to automatically push the software package to the client computer over a communication interface.

A system comprising self-updating clients, realized by a managed update procedure using a network connection to a supporting server, is known from US patent application 6,067,351.

An example of a self-distributing piece of software is a worm, for example the Code Red virus. It is one of the first of a new family of self-propagating malicious code that exploits network systems. The Code Red worm is self-replicating malicious code that exploits a vulnerability in several kinds of servers. The worm attack proceeds as follows. The virus attempts to connect to a randomly chosen host, assuming that a web server will be found. Upon a successful connection, the attacking host sends a crafted HTTP GET request to the victim, attempting to exploit a buffer overflow in the indexing service. Because of the worm's self-propagating nature, the same exploit (HTTP GET request) is sent to each randomly chosen host.

Depending on the configuration of the host that receives the request, there are different outcomes; for example, when the exploit succeeds, the worm begins executing on the victim host. In addition to possible web site defacement, infected systems may experience performance degradation as a result of the worm's scanning activity. This degradation can be quite severe, since the worm may infect the same machine multiple times simultaneously. Non-compromised systems and networks that are scanned by other infected hosts may also experience severe denial of service. Furthermore, it should be noted that while the Code Red worm appears merely to deface web pages on infected systems and attack other systems, the indexing vulnerability it exploits can be used to execute arbitrary code in the Local System security context. This level of privilege effectively gives an attacker complete control of the victim system.

Because of the exponential spreading behaviour of such virus infections and of propagating (network) faults, fast and efficient remedies (cures) are needed.

Summary of the invention

This problem is solved by a method for distributing software packages or updates over a communication network comprising a server system and at least two client systems, said method comprising the steps of:

- distributing, by the server system, the software package or update to at least one of the at least two client systems via the communication system, and

- distributing (recursively), by at least one of the at least two client systems, the software package or update to further client systems via the communication system (until the further client systems have been updated).

The problem is also solved by a communication network comprising a server system and at least one client system, the server system comprising distribution means for distributing software packages or updates to the at least one client system, the at least one client system comprising installation means for installing the software package or update on the at least one client system, wherein the at least one client system further comprises distribution means for distributing the software package or update to further client systems.

Accordingly, the problem is also solved by a server system for a communication network comprising at least one client system, the server system comprising distribution means for distributing software packages or updates to the at least one client system, the at least one client system comprising installation means for installing the software package or update on the at least one client system, wherein the server system further comprises control means for controlling the at least one client system to distribute the software package or update to further client systems.

The problem is likewise solved by a client system for a communication network comprising a server system, the server system comprising distribution means for distributing software packages or updates to the client system, the client system comprising installation means for installing the software package or update on the client system, wherein the client system comprises distribution means for distributing the software package or update to further client systems.

In addition, the problem is solved by a computer software product that implements the distribution of software packages or updates to client systems over a communication network, the computer software product comprising programming means implementing deployment means and container means, said deployment means and container means being used to distribute (recursively) the software package or update to further client systems over the communication network.

The problem is also solved by a computer software product for distributing software packages or updates over a communication network according to the method described above.

In other words, the deployment pattern of the patch or update itself acts like a virus: it infects all systems that have not been vaccinated by this method and that the vaccination is meant to protect. After being infected, the system is forced to distribute the curing virus. In a next step, the virus patches the system in such a way that, for example, neither a virus using this access method nor the cure itself can infect the cured system again.

The effect of this process is that all uncured systems will help distribute the cure. This results in a very rapid distribution of the required patches.

It is therefore an advantage of the present invention that it provides fast and efficient distribution of software patches and updates over a communication network.

Another advantage of the present invention is increased security and reliability.

Yet another advantage of the present invention is the silent installation of patches, which improves update quality and patch quality and thereby indirectly reduces the demands on system operators.

A further advantage of the present invention is that it provides a method with an enhanced deployment pattern that can cope even with worms and with degradation of the communication network.

Brief description of the drawings

These and many other objects and advantages of the present invention will become apparent to those of ordinary skill in the art from consideration of the drawings and the accompanying description.

Fig. 1 is a schematic diagram of a prior-art update deployment pattern;

Fig. 2 is a schematic diagram of the method for distributing software packages or updates over a communication network according to the present invention; and

Fig. 3 is a schematic diagram of the update deployment pattern imposed by the method according to the invention.

Detailed description

Fig. 1 shows a server system S and a set of client systems C1, C2, ... C9. Each client system is connected to the server system S through a network connection NC1, NC2, ... NC9, respectively. The server system S and a client system Ci communicate over the network connection NCi using an update transfer protocol UTP.

In this way, the server S can update the software of the client system Ci, or the client system Ci can update its own software, typically by using the update transfer protocol UTP to identify the corresponding software package or update, download it from the server system S, and install it on the client system Ci.

Nine client systems C1, C2, ... C9 are shown. When a new update becomes available, the server system S must process 9 updates in order to update all client systems C1, C2, ... C9, one for each client system. This takes 9 times as long as a single update. In general, updating n clients has time complexity O(n).

Fig. 2 shows the steps of the distribution method according to the present invention and where, i.e. at which location, these steps are performed. The figure shows a server system location S', a network connection location NCi' and a client system location Ci'. The figure also shows the phases of the update process: phase P1, in which a new software package is available; phase P2, encapsulation in a virus shell; distribution phase P3; infection phase P4; phase P5, installation of the software package; and further distribution phase P6.

At the server system location S', phase P1 (a new software package is available) initiates the process. Here, at the server system location S', the new software package becomes a virus through phase P2, encapsulation in a virus shell. In distribution phase P3, the result is deployed through the network connection location NCi' and received at the client system location Ci'. In infection phase P4, the client system location Ci' is infected, and in phase P5 the encapsulated software is installed. Then, in the further distribution phase P6, the virus is in turn deployed via a further network connection NCj'.

In other words, the update is deployed by generating, for said software package, a virus comprising deployment means and container means; the server system distributes said virus over said communication network and infects said at least one client system, causing said client system to install said software package and to distribute said virus over said communication network in order to infect other client systems.

The client itself may have deployment means for propagating update information. An advanced update transfer protocol may enable client systems to provide feedback on installation and propagation.

The method establishes a systematic precaution that uses the distribution mechanism of a virus to distribute patches, for example against viruses. The system may call on an operator to indicate the cure of the system (an update being available), including, for example, the ability to provide accounting for, or control of, the distribution.

Fig. 3 shows an (advanced) server system S' and a set of (advanced) client systems C1', C2', ... C9'. The server system S' and the client systems C1', C2', ... C9' are interconnected through network connections NC1', NC2', ... NC9'.

The server can distribute software updates according to the method shown in Fig. 2. Nine client systems C1', C2', ... C9' are shown. When a new update becomes available, it is deployed in waves.

Assume that the first deployment wave, from the server system S' to the client system C1', takes the time of one update. In the second deployment wave, the server system S' and the client C1' deploy the update to two further client systems C2' and C3' via the network connections NC2' and NC3', respectively. In the third deployment wave, the server system S' and the already updated client systems C1', C2' and C3' deploy the update to four further client systems C4', C5', C6' and C7' via the network connections NC4', NC5', NC6' and NC7', respectively. In the next deployment wave, the remaining client systems C8' and C9' are updated via the network connections NC8' and NC9'. The whole process takes about 4 times as long as a single update. In general, updating n clients has time complexity O(log n). The effect of the claimed method is that all cured systems help distribute the cure. This results in a very rapid distribution of the required patches for operating systems.

In order to multiplex updates advantageously, an advanced update transfer protocol may comprise means for providing feedback about an update, for example which further clients were also recursively updated. An advanced server system can use this information to track update deployment. The coordination of updates can be driven randomly in a self-organizing way, dynamically on the basis of environmental conditions such as the network connections, or even statically, i.e. with a fixed deployment graph (tree).
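The wave schedule of Fig. 3 and the feedback-based tracking described above can be modelled in a few lines. This is an added example, not code from the patent: it assumes that every already updated node (server included) updates exactly one pending client per wave and that a client whose installation fails cannot redistribute; `build_deployment_tree`, `waves_needed`, `confirmed_clients` and `unconfirmed_clients` are hypothetical names.

```python
"""Added example: static deployment tree and feedback tracking (Fig. 3 model)."""
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    wave: int = 0                                   # wave in which it was updated
    children: list = field(default_factory=list)    # nodes this node updated


def build_deployment_tree(clients, server_name="S'"):
    """Return (server, schedule) for a fixed deployment tree.

    Assumption: in each wave every node that already holds the update
    sends it to exactly one pending client. schedule[k] lists the
    (sender, receiver) transfers of wave k + 1.
    """
    server = Node(server_name)
    updated = [server]
    pending = list(clients)
    schedule = []
    wave = 0
    while pending:
        wave += 1
        transfers = []
        # Snapshot: clients updated in this wave start sending in the next one.
        for sender in list(updated):
            if not pending:
                break
            receiver = Node(pending.pop(0), wave=wave)
            sender.children.append(receiver)
            updated.append(receiver)
            transfers.append((sender.name, receiver.name))
        schedule.append(transfers)
    return server, schedule


def waves_needed(n_clients):
    """Waves for n clients when the updated population doubles each wave.

    After k waves 2**k nodes hold the update (server included), so k is the
    smallest integer with 2**k >= n + 1, which equals n.bit_length().
    The prior-art scheme of Fig. 1 needs n sequential updates instead.
    """
    return n_clients.bit_length()


def confirmed_clients(node, failed=frozenset()):
    """Feedback aggregated upward: clients below `node` that report success.

    A client in `failed` neither installs nor redistributes, so its whole
    subtree stays unconfirmed (assumption of this model).
    """
    confirmed = set()
    for child in node.children:
        if child.name in failed:
            continue
        confirmed.add(child.name)
        confirmed |= confirmed_clients(child, failed)
    return confirmed


def unconfirmed_clients(server, expected, failed=frozenset()):
    """Clients the server cannot account for from the collected feedback."""
    return set(expected) - confirmed_clients(server, failed)


if __name__ == "__main__":
    clients = [f"C{i}'" for i in range(1, 10)]      # C1' ... C9' as in Fig. 3
    server, schedule = build_deployment_tree(clients)
    for number, transfers in enumerate(schedule, start=1):
        print(f"wave {number}: " + ", ".join(f"{s}->{r}" for s, r in transfers))
    print("waves:", len(schedule), "vs sequential updates:", len(clients))
    print("unconfirmed if C1' fails:",
          sorted(unconfirmed_clients(server, clients, failed={"C1'"})))
```

In this model a single failure at C1' leaves five of the nine clients unconfirmed, which is the situation the feedback channel lets the server detect when the deployment tree is fixed.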

The virus cure works on a simple principle. It is the virus itself that infects all client systems that have not been vaccinated by this method and that the vaccination is meant to protect. After infection, the client system is forced to distribute the curing virus.

In a next step, the virus repairs the client system in such a way that neither a virus using this access method nor the cure itself can infect the cured system again.

An advanced update transfer protocol may have the ability to aggregate and coordinate update resources interactively, for example to manage the updating of multiple clients, partial updates, or even the assignment of update tasks or update rights.

The software package or update itself can be specified to include the virus functionality, i.e. the virus shell.

There is currently a trend in computer science to solve problems using analogies from nature, such as neural networks and genetic algorithms. The biological counterpart of the present invention is the retrovirus.

A retrovirus is an infectious particle comprising an RNA genome (the software update) packaged in a protein capsid and surrounded by a lipid envelope (the container). The lipid envelope contains polypeptide chains, including receptor-binding proteins that attach to membrane receptors of the host cell and initiate the process of infection (distribution).

Retroviruses contain RNA as their genetic material instead of the more usual DNA. In addition to RNA, retroviral particles contain reverse transcriptase (RTase), which enables the synthesis of a complementary DNA molecule (cDNA) using the viral RNA as a template (the update).

When a retrovirus infects a cell, it injects its RNA, together with the reverse transcriptase, into the cytoplasm of that cell. The cDNA produced from the RNA template contains the genetic instructions derived from the virus and allows the infection of the host cell to proceed (recursive distribution).

The capsid can, for example, preferably be realized by a mobile agent using a mobile agent platform, or by any other applicable technique, such as the security leaks in several kinds of web servers that were used, for example, by Code Red.

Claims (6)

1. An antivirus protection method for distributing software packages or updates over a communication network comprising a server system and at least two client systems, said method comprising the following steps: distributing, by the server system, the software package or update to at least one of the at least two client systems over the communication network; recursively distributing, by at least one of the at least two client systems, the software package or update to another client system over the communication network; and installing the software package or update on at least one of the at least two client systems; characterized in that said software package is an anti-virus pattern.

2. The method according to claim 1, wherein said method comprises the step of removing a virus intrusion vulnerability.

3. The method according to claim 1, wherein said method further comprises the step of notifying at least one of the at least two client systems of information about the distribution behaviour.

4. The method according to claim 1, wherein said method further comprises the step of notifying the server system of information about the installation or distribution behaviour of the at least one client system.

5. A communication network comprising antivirus protection means for distributing software packages or updates, comprising a server system and at least one client system, the server system comprising distribution means for distributing software packages or updates to the at least one client system, the at least one client system comprising installation means for installing the software package or update on the at least one client system, and the at least one client system comprising distribution means for recursively distributing the software package or update to another client system; characterized in that said software package is an anti-virus pattern.

6. The communication network according to claim 5, wherein the server system further comprises control means for controlling at least one client system to distribute the software package or update to another client system.
CNB2004100708596A 2003-08-04 2004-07-23 Method, a server system, a client system, a communication network and computer software products for distributing software packages or updates Expired - Fee Related CN1305254C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP03291958.1 2003-08-04
EP03291958A EP1505797B1 (en) 2003-08-04 2003-08-04 A method, a communication network and a computer software product for distributing software packages or updates

Publications (2)

Publication Number Publication Date
CN1581779A CN1581779A (en) 2005-02-16
CN1305254C true CN1305254C (en) 2007-03-14

Family

ID=33547794

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100708596A Expired - Fee Related CN1305254C (en) 2003-08-04 2004-07-23 Method, a server system, a client system, a communication network and computer software products for distributing software packages or updates

Country Status (5)

Country Link
US (1) US20050034114A1 (en)
EP (1) EP1505797B1 (en)
CN (1) CN1305254C (en)
AT (1) ATE295651T1 (en)
DE (1) DE60300657T2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1142146A (en) * 1995-07-19 1997-02-05 富士通株式会社 Method for retransmission of information and apparatus thereof
US6052721A (en) * 1994-06-22 2000-04-18 Ncr Corporation System of automated teller machines and method of distributing software to a plurality of automated teller machines
WO2002029551A2 (en) * 2000-10-04 2002-04-11 Intel Corporation Peer to peer software distribution system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6123737A (en) * 1997-05-21 2000-09-26 Symantec Corporation Push deployment of software packages using notification transports
EP0907275A1 (en) * 1997-09-25 1999-04-07 Alcatel Terminal with card reader
US6035423A (en) * 1997-12-31 2000-03-07 Network Associates, Inc. Method and system for providing automated updating and upgrading of antivirus applications using a computer network
US7155487B2 (en) * 2000-11-30 2006-12-26 Intel Corporation Method, system and article of manufacture for data distribution over a network
US7003767B2 (en) * 2001-10-02 2006-02-21 International Business Machines Corp. System and method for remotely updating software applications

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6052721A (en) * 1994-06-22 2000-04-18 Ncr Corporation System of automated teller machines and method of distributing software to a plurality of automated teller machines
CN1142146A (en) * 1995-07-19 1997-02-05 富士通株式会社 Method for retransmission of information and apparatus thereof
WO2002029551A2 (en) * 2000-10-04 2002-04-11 Intel Corporation Peer to peer software distribution system

Also Published As

Publication number Publication date
EP1505797A1 (en) 2005-02-09
ATE295651T1 (en) 2005-05-15
DE60300657T2 (en) 2006-02-02
EP1505797B1 (en) 2005-05-11
DE60300657D1 (en) 2005-06-16
US20050034114A1 (en) 2005-02-10
CN1581779A (en) 2005-02-16

Similar Documents

Publication Publication Date Title
CN1305254C (en) Method, a server system, a client system, a communication network and computer software products for distributing software packages or updates
Castaneda et al. Worm vs. worm: preliminary study of an active counter-attack mechanism
CN1256634C (en) Method and device for detecting computer virus on network using decoy server
US7203959B2 (en) Stream scanning through network proxy servers
US7389540B2 (en) Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer
WO2007036089A1 (en) A computer system and a security enhancing method thereof
US20130055369A1 (en) System and method for day-zero authentication of activex controls
US20080072324A1 (en) Restricting a processing system being compromised with a threat
CN1758609A (en) Deploying and receiving software over a network susceptible to malicious communication
CN1924863A (en) Method and system for operating software configured for internet access on a remote computer
CN1833228A (en) Apparatus, system, method and computer program for implementing remote client integrity verification
CN107682333A (en) Virtualization safety defense system and method based on cloud computing environment
EP1179196A1 (en) Methods, software, and apparatus for secure communication over a computer network
US20050091538A1 (en) Method, a network protection means, a network node, a network, and a computer software product for disinfection
US20050091514A1 (en) Communication device, program, and storage medium
CN1885788A (en) Network safety protection method and system
Machie et al. Nimda worm analysis
Mirdita et al. Poster: RPKI kill switch
KR100893935B1 (en) Network isolation method of host using ARP
CN101800754A (en) Method for distributing patch
CN110221849A (en) A kind of software update system and method
CN1851608A (en) Method and system for cancelling RO for DRM system
GB2505297A (en) File manifest filter for unidirectional transfer of files
US8407792B2 (en) Systems and methods for computer security
CN101039324A (en) Method, system and apparatus for defending network virus

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070314

Termination date: 20180723